← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
The Travels of “markopolo”: Self-Proclaimed Meeting Software Vortax Spreads Infostealers, Unveils Expansive Network of Malicious macOS Applications | Recorded Future
WHITE Armature_TIP 2025-02-22 Modified: 2025-03-24
114
IOCs
HIGH VOLUME
Recorded Future's Insikt Group has identified a widespread cyberattack campaign involving Vortax, a purported virtual meeting software, which spreads infostealers to steal information on users of macOS.
amosvortaxrecorded futureintelligenceinsikt groupstealcatomic macosstealerfuturemarkopoloinsiktmacosresearchtravelsvortax spreadsinfostealersnetworkmalicious macosdemomoskautargetjunecontact
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Recorded Future Insikt macOS
Indicators of Compromise (114)
All CVE domain FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL email hostname
TYPEINDICATORDESCRIPTIONCREATED
CVE CVE-2023-20198 2025-02-22
CVE CVE-2023-20273 2025-02-22
domain 123mllhasbrasil.com 2025-02-22
domain aidigibrain.com 2025-02-22
domain assetsreserve.com 2025-02-22
domain betbhaibetting.com 2025-02-22
domain casino-legrand.info 2025-02-22
domain cheapcleanprotein.com 2025-02-22
domain crosscertify.com 2025-02-22
domain crosstacks.com 2025-02-22
domain deskpaypal.com 2025-02-22
domain ebolight.com 2025-02-22
domain eliteneatproductshop.com 2025-02-22
domain faruvinnovations.com 2025-02-22
domain garagemfinity.com 2025-02-22
domain hobbyplanners.com 2025-02-22
domain indianahomerates.com 2025-02-22
domain institutoangelabatista.com 2025-02-22
domain iuddy.com 2025-02-22
domain marylandhomerates.com 2025-02-22
domain msjessd.com 2025-02-22
domain nongduangmarket.com 2025-02-22
domain novatercaagilidade.com 2025-02-22
domain pegamente.com 2025-02-22
domain piloje.com 2025-02-22
domain plumbonwater.com 2025-02-22
domain repairleatherla.com 2025-02-22
domain shinudating.com 2025-02-22
domain showpiecekennelmating.com 2025-02-22
domain tripleplay-arg1.com 2025-02-22
domain vortax.io 2025-02-22
domain vortax.org 2025-02-22
domain vortax.space 2025-02-22
domain weworkhappy.com 2025-02-22
domain xhaxo.com 2025-02-22
FileHash-MD5 03661003393278d93cb35f5f9a1549dc 2025-02-22
FileHash-MD5 10a7b8d59806fca133d78f5343839d76 2025-02-22
FileHash-MD5 25a33a1830e4cdd64c0adf4943ddac1a MD5 of eb74c9dd0a0e3ea3cb31338c55e9e630fdee964a7b5967efcdfa8daa26a0f129 2025-02-22
FileHash-MD5 31ca60d3e59759fd0c0fba146e7cd0b5 MD5 of 8fb5de2498e48338825253f9d165986403661003393278d93cb35f5f9a1549dc 2025-02-22
FileHash-MD5 4b35a3872589f44c43469cf73c54b525 2025-02-22
FileHash-MD5 506f6cc894598d109c5f931923c6eba9 2025-02-22
FileHash-MD5 59e0990ec964f77de9201534e4232117 2025-02-22
FileHash-MD5 59f9e517f05a3391d1327ae4cdc7dcc0 MD5 of 7f6f85e1ae4186edc9bf821943893b183a6a9252b0899d682c1899201dffc496 2025-02-22
FileHash-MD5 5b226866bd8897be9cfc3772c2d6d7b6 MD5 of 5d45cc81a22e6ba596b12db4baec5b20ccbe9ce52f8258fa5690da0e5ef2a982 2025-02-22
FileHash-MD5 5b95e20f0f6b7ac98c66c34b6eee4b41 MD5 of 9f676511cb9b35e2916ebf79aec6b4aa6514f8bf640ea2fe786d16a7ed8dab7b 2025-02-22
FileHash-MD5 5c5c1899e6eee0e93eb3eb9efd20e3d8 MD5 of dee705f4a513081afe9ab682b832068ac558ad3145038e57edc8109ab0e80769 2025-02-22
FileHash-MD5 5d45cc81a22e6ba596b12db4baec5b20 2025-02-22
FileHash-MD5 5d6075e33a168dfa44492dbec5462c61 2025-02-22
FileHash-MD5 73c099168755acbc793675a5e64ca719 2025-02-22
FileHash-MD5 750baf928763a60343f8d48e45c4a4ca 2025-02-22
FileHash-MD5 88ed5da97f62cca4d7ad7917b747f8ad MD5 of 7225d5fde4daa4552daf67a0ac2f6d7ec0e768536c5377ee3e7beaa04603a6f5 2025-02-22
FileHash-MD5 8da1243add410821b51484242571d089 2025-02-22
FileHash-MD5 8e6176eaea919bae5b75000244474d83 2025-02-22
FileHash-MD5 8f8214195ecf93fb81562bcd6122149d 2025-02-22
FileHash-MD5 8fb5de2498e48338825253f9d1659864 2025-02-22
FileHash-MD5 922afb7de0159e7b435290868c51f33c 2025-02-22
FileHash-MD5 9e5dc9028d4a404bf3d7aa412c58cfe8 2025-02-22
FileHash-MD5 9e9793265bbd40340a00ea57643666d7 MD5 of b1817f23b4b0b09cd7db9e90eac166ddf0de9d22aaf69f17308da43854604d9e 2025-02-22
FileHash-MD5 b1817f23b4b0b09cd7db9e90eac166dd 2025-02-22
FileHash-MD5 bde29a5215e685805f00fee5f03de347 2025-02-22
FileHash-MD5 c34f8b6a299dd867a8d00b4fc50d91d9 2025-02-22
FileHash-MD5 cab622641242a6f2fcbb8a1ae2698fd2 MD5 of f3176e0859ba92049dcd57685c1b5f49b97183ff49fcc79f2ce4ad2b31d2d843 2025-02-22
FileHash-MD5 ccbe9ce52f8258fa5690da0e5ef2a982 2025-02-22
FileHash-MD5 dd005a5c5e6dbb3612f36635097db661 MD5 of 5a441a59fe273161ff82cbe2a7fbddd21386481ad03cc1782b5b41b6b839c245 2025-02-22
FileHash-MD5 ece0da23c4f3f338e05b34198d9c1afe 2025-02-22
FileHash-MD5 f0de9d22aaf69f17308da43854604d9e 2025-02-22
FileHash-MD5 f71a88cb0866480e5d8754b6a40accd9 MD5 of 73c099168755acbc793675a5e64ca719f909cd1943db5757af96b2c1c79ae6d8 2025-02-22
FileHash-MD5 f909cd1943db5757af96b2c1c79ae6d8 2025-02-22
FileHash-MD5 fdde4aa36f7c2a444aab4601dd4238e1 2025-02-22
FileHash-MD5 ff54e863815d819cf4bf7abed65ceabb MD5 of 8e6176eaea919bae5b75000244474d8310a7b8d59806fca133d78f5343839d76 2025-02-22
FileHash-SHA1 1b18927fc7c6bc63a05bf2de679a67560a91ca55 SHA1 of eb74c9dd0a0e3ea3cb31338c55e9e630fdee964a7b5967efcdfa8daa26a0f129 2025-02-22
FileHash-SHA1 36feeb39b4683bc2837d1d3e1ac59e55d02aa5da SHA1 of 5a441a59fe273161ff82cbe2a7fbddd21386481ad03cc1782b5b41b6b839c245 2025-02-22
FileHash-SHA1 399f17a0cdb9a514cb50199f93a67aec9c98f685 SHA1 of 73c099168755acbc793675a5e64ca719f909cd1943db5757af96b2c1c79ae6d8 2025-02-22
FileHash-SHA1 4b6cff351898c62fb02736aa8f12988ee061497f SHA1 of 8e6176eaea919bae5b75000244474d8310a7b8d59806fca133d78f5343839d76 2025-02-22
FileHash-SHA1 53eef26caf355c25ed11494277168be19ea44ba8 SHA1 of 7225d5fde4daa4552daf67a0ac2f6d7ec0e768536c5377ee3e7beaa04603a6f5 2025-02-22
FileHash-SHA1 872c08fb2b659e1375826ee6a6fe62c3352f881f SHA1 of 8fb5de2498e48338825253f9d165986403661003393278d93cb35f5f9a1549dc 2025-02-22
FileHash-SHA1 9d56b54643706787c16f0cae4e9e565c1e1a49ec SHA1 of f3176e0859ba92049dcd57685c1b5f49b97183ff49fcc79f2ce4ad2b31d2d843 2025-02-22
FileHash-SHA1 cb544080eebd6cb61299aaf342e226f5f9323002 SHA1 of b1817f23b4b0b09cd7db9e90eac166ddf0de9d22aaf69f17308da43854604d9e 2025-02-22
FileHash-SHA1 ce27e809f4a2364e9232577c611622bcd0e8e502 SHA1 of 9f676511cb9b35e2916ebf79aec6b4aa6514f8bf640ea2fe786d16a7ed8dab7b 2025-02-22
FileHash-SHA1 d38478e50b41dc2e23501a681f700754889bd075 SHA1 of dee705f4a513081afe9ab682b832068ac558ad3145038e57edc8109ab0e80769 2025-02-22
FileHash-SHA1 d5e996a9d664f72f63b9a1e0dccc5a232a246214 SHA1 of 5d45cc81a22e6ba596b12db4baec5b20ccbe9ce52f8258fa5690da0e5ef2a982 2025-02-22
FileHash-SHA1 f0b3073061f837d1c24ba216d1e503bcc224b48c SHA1 of 7f6f85e1ae4186edc9bf821943893b183a6a9252b0899d682c1899201dffc496 2025-02-22
FileHash-SHA256 05219c02d66daad246eab2abccc35384c34f17ce1daa2fee21cf0bfee88e31b2 2025-02-22
FileHash-SHA256 4b35a3872589f44c43469cf73c54b525506f6cc894598d109c5f931923c6eba9 2025-02-22
FileHash-SHA256 5a441a59fe273161ff82cbe2a7fbddd21386481ad03cc1782b5b41b6b839c245 2025-02-22
FileHash-SHA256 5d45cc81a22e6ba596b12db4baec5b20ccbe9ce52f8258fa5690da0e5ef2a982 2025-02-22
FileHash-SHA256 5d6075e33a168dfa44492dbec5462c6142399b708ec0d038e3e1869141e6b378 2025-02-22
FileHash-SHA256 7225d5fde4daa4552daf67a0ac2f6d7ec0e768536c5377ee3e7beaa04603a6f5 2025-02-22
FileHash-SHA256 73c099168755acbc793675a5e64ca719f909cd1943db5757af96b2c1c79ae6d8 2025-02-22
FileHash-SHA256 750baf928763a60343f8d48e45c4a4ca8da1243add410821b51484242571d089 2025-02-22
FileHash-SHA256 7f6f85e1ae4186edc9bf821943893b183a6a9252b0899d682c1899201dffc496 2025-02-22
FileHash-SHA256 856979042a3c1f61050cc08e8f11856dc714ec16969bd0fc562fd47c9e6c8e4c 2025-02-22
FileHash-SHA256 8e6176eaea919bae5b75000244474d8310a7b8d59806fca133d78f5343839d76 2025-02-22
FileHash-SHA256 8fb5de2498e48338825253f9d165986403661003393278d93cb35f5f9a1549dc 2025-02-22
FileHash-SHA256 922afb7de0159e7b435290868c51f33c59e0990ec964f77de9201534e4232117 2025-02-22
FileHash-SHA256 93463142e354b05bbac20b9e9498ee5f8c9ea2488151ee6870189baab0b7e2ff 2025-02-22
FileHash-SHA256 9f676511cb9b35e2916ebf79aec6b4aa6514f8bf640ea2fe786d16a7ed8dab7b 2025-02-22
FileHash-SHA256 b1817f23b4b0b09cd7db9e90eac166ddf0de9d22aaf69f17308da43854604d9e 2025-02-22
FileHash-SHA256 bde29a5215e685805f00fee5f03de3478f8214195ecf93fb81562bcd6122149d 2025-02-22
FileHash-SHA256 be7e5707e5e399aedcfb2800d7039ff050500be3bafd217ca9200abed8bef03f 2025-02-22
FileHash-SHA256 c34f8b6a299dd867a8d00b4fc50d91d9fdde4aa36f7c2a444aab4601dd4238e1 2025-02-22
FileHash-SHA256 dee705f4a513081afe9ab682b832068ac558ad3145038e57edc8109ab0e80769 2025-02-22
FileHash-SHA256 eb74c9dd0a0e3ea3cb31338c55e9e630fdee964a7b5967efcdfa8daa26a0f129 2025-02-22
FileHash-SHA256 f3176e0859ba92049dcd57685c1b5f49b97183ff49fcc79f2ce4ad2b31d2d843 2025-02-22
FileHash-SHA256 f9785743539fdfb2199b53be57f86d5dba5c0cd3dfad1130de1532f92e0c7c4f 2025-02-22
URL https://vortax.io/assets/php-back/check-code.php 2025-02-22
domain addresshostscasino-legrand.info 2025-02-22
domain andhobbyplanners.com 2025-02-22
domain dadditionallikelystagingdomainsforfutureamosbuildsatshinudating.com 2025-02-22
domain eliteneatproductshop.co 2025-02-22
domain institutoangelabatista.co 2025-02-22
domain vdecksetup.dm 2025-02-22
email support@vortax.space 2025-02-22
hostname vortax.ioandthenow-suspendedvortax.space 2025-02-22
References (2)
↗ https://www.recordedfuture.com/the-travels-of-markopolo-self-proclaimed-meeting-software-vortax-spreads-infostealers ↗ https://go.recordedfuture.com/hubfs/reports/cta-2024-0617.pdf